Summary: LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures.

Desc: LogicalDOC suffers from multiple authenticated OS command execution vulnerabilities. When changing the settings, the path of any of the many binaries included in the package can be manipulated, together with their respective arguments. This can be exploited to perform a local root privilege escalation attack and/or to inject and execute arbitrary system commands as the root or SYSTEM user, depending on the platform affected.
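A settings review for the weakness described above, as an added example (not part of the original advisory and not LogicalDOC code). It assumes the settings are available as key=value text and POSIX paths; only 'antivirus.command' and 'default.antivirus.includes' come from the advisory, while the other keys, the '.command' suffix match and the trusted directories are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Assumption: any key ending in ".command" holds an executable path.
# Only 'antivirus.command' is named in the advisory.
COMMAND_KEY = re.compile(r"(^|\.)command$")
SHELL_META = re.compile(r"[;&|`$<>]")

# Placeholder allowlist: directories where packaged binaries are expected.
TRUSTED_DIRS = ("/usr/bin", "/opt/logicaldoc/bin")

# Constructed sample, not taken from a real installation.
# 'converter.command' and 'ocr.command' are hypothetical keys.
SAMPLE = """\
antivirus.command=/usr/bin/clamscan
default.antivirus.includes=*.exe,*.com
converter.command=/tmp/upload/run.sh
ocr.command=/usr/bin/tesseract; id
"""

def parse_settings(text):
    """Parse key=value lines, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(settings, trusted_dirs=TRUSTED_DIRS):
    """Return (key, reason) for every command setting that looks tampered."""
    findings = []
    for key, value in sorted(settings.items()):
        if not COMMAND_KEY.search(key):
            continue
        path = PurePosixPath(value)
        if SHELL_META.search(value):
            findings.append((key, "shell metacharacter in value"))
        elif not path.is_absolute():
            findings.append((key, "not an absolute path"))
        elif str(path.parent) not in trusted_dirs:
            # Also catches "/usr/bin/../x": the parent is compared literally.
            findings.append((key, "binary outside trusted directories"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_settings(SAMPLE)):
        print(f"{key}: {reason}")
```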

After saving the settings, the command will be executed whenever a user uploads a file that was inserted in the 'default.antivirus.includes' list.

PoC for antivirus.command:
--------------------------------------------------------------------------------------